1 /* $OpenBSD: glxsb.c,v 1.7 2007/02/12 14:31:45 tom Exp $ */
2
3 /*
4 * Copyright (c) 2006 Tom Cosgrove <[email protected]>
5 * Copyright (c) 2003, 2004 Theo de Raadt
6 * Copyright (c) 2003 Jason Wright
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21 /*
22 * Driver for the security block on the AMD Geode LX processors
23 * http://www.amd.com/files/connectivitysolutions/geode/geode_lx/33234d_lx_ds.pdf
24 */
25
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28
29 #include <sys/param.h>
30 #include <sys/systm.h>
31 #include <sys/bus.h>
32 #include <sys/errno.h>
33 #include <sys/kernel.h>
34 #include <sys/lock.h>
35 #include <sys/malloc.h>
36 #include <sys/mbuf.h>
37 #include <sys/module.h>
38 #include <sys/mutex.h>
39 #include <sys/proc.h>
40 #include <sys/random.h>
41 #include <sys/rman.h>
42 #include <sys/rwlock.h>
43 #include <sys/sysctl.h>
44 #include <sys/taskqueue.h>
45
46 #include <machine/bus.h>
47 #include <machine/cpufunc.h>
48 #include <machine/resource.h>
49
50 #include <dev/pci/pcivar.h>
51 #include <dev/pci/pcireg.h>
52
53 #include <opencrypto/cryptodev.h>
54 #include <opencrypto/cryptosoft.h>
55 #include <opencrypto/xform.h>
56
57 #include "cryptodev_if.h"
58 #include "glxsb.h"
59
60 #define PCI_VENDOR_AMD 0x1022 /* AMD */
61 #define PCI_PRODUCT_AMD_GEODE_LX_CRYPTO 0x2082 /* Geode LX Crypto */
62
63 #define SB_GLD_MSR_CAP 0x58002000 /* RO - Capabilities */
64 #define SB_GLD_MSR_CONFIG 0x58002001 /* RW - Master Config */
65 #define SB_GLD_MSR_SMI 0x58002002 /* RW - SMI */
66 #define SB_GLD_MSR_ERROR 0x58002003 /* RW - Error */
67 #define SB_GLD_MSR_PM 0x58002004 /* RW - Power Mgmt */
68 #define SB_GLD_MSR_DIAG 0x58002005 /* RW - Diagnostic */
69 #define SB_GLD_MSR_CTRL 0x58002006 /* RW - Security Block Cntrl */
70
71 /* For GLD_MSR_CTRL: */
72 #define SB_GMC_DIV0 0x0000 /* AES update divisor values */
73 #define SB_GMC_DIV1 0x0001
74 #define SB_GMC_DIV2 0x0002
75 #define SB_GMC_DIV3 0x0003
76 #define SB_GMC_DIV_MASK 0x0003
77 #define SB_GMC_SBI 0x0004 /* AES swap bits */
78 #define SB_GMC_SBY 0x0008 /* AES swap bytes */
79 #define SB_GMC_TW 0x0010 /* Time write (EEPROM) */
80 #define SB_GMC_T_SEL0 0x0000 /* RNG post-proc: none */
81 #define SB_GMC_T_SEL1 0x0100 /* RNG post-proc: LFSR */
82 #define SB_GMC_T_SEL2 0x0200 /* RNG post-proc: whitener */
83 #define SB_GMC_T_SEL3 0x0300 /* RNG LFSR+whitener */
84 #define SB_GMC_T_SEL_MASK 0x0300
85 #define SB_GMC_T_NE 0x0400 /* Noise (generator) Enable */
86 #define SB_GMC_T_TM 0x0800 /* RNG test mode */
87 /* (deterministic) */
88
89 /* Security Block configuration/control registers (offsets from base) */
90 #define SB_CTL_A 0x0000 /* RW - SB Control A */
91 #define SB_CTL_B 0x0004 /* RW - SB Control B */
92 #define SB_AES_INT 0x0008 /* RW - SB AES Interrupt */
93 #define SB_SOURCE_A 0x0010 /* RW - Source A */
94 #define SB_DEST_A 0x0014 /* RW - Destination A */
95 #define SB_LENGTH_A 0x0018 /* RW - Length A */
96 #define SB_SOURCE_B 0x0020 /* RW - Source B */
97 #define SB_DEST_B 0x0024 /* RW - Destination B */
98 #define SB_LENGTH_B 0x0028 /* RW - Length B */
99 #define SB_WKEY 0x0030 /* WO - Writable Key 0-3 */
100 #define SB_WKEY_0 0x0030 /* WO - Writable Key 0 */
101 #define SB_WKEY_1 0x0034 /* WO - Writable Key 1 */
102 #define SB_WKEY_2 0x0038 /* WO - Writable Key 2 */
103 #define SB_WKEY_3 0x003C /* WO - Writable Key 3 */
104 #define SB_CBC_IV 0x0040 /* RW - CBC IV 0-3 */
105 #define SB_CBC_IV_0 0x0040 /* RW - CBC IV 0 */
106 #define SB_CBC_IV_1 0x0044 /* RW - CBC IV 1 */
107 #define SB_CBC_IV_2 0x0048 /* RW - CBC IV 2 */
108 #define SB_CBC_IV_3 0x004C /* RW - CBC IV 3 */
109 #define SB_RANDOM_NUM 0x0050 /* RW - Random Number */
110 #define SB_RANDOM_NUM_STATUS 0x0054 /* RW - Random Number Status */
111 #define SB_EEPROM_COMM 0x0800 /* RW - EEPROM Command */
112 #define SB_EEPROM_ADDR 0x0804 /* RW - EEPROM Address */
113 #define SB_EEPROM_DATA 0x0808 /* RW - EEPROM Data */
114 #define SB_EEPROM_SEC_STATE 0x080C /* RW - EEPROM Security State */
115
116 /* For SB_CTL_A and _B */
117 #define SB_CTL_ST 0x0001 /* Start operation (enc/dec) */
118 #define SB_CTL_ENC 0x0002 /* Encrypt (0 is decrypt) */
119 #define SB_CTL_DEC 0x0000 /* Decrypt */
120 #define SB_CTL_WK 0x0004 /* Use writable key (we set) */
121 #define SB_CTL_DC 0x0008 /* Destination coherent */
122 #define SB_CTL_SC 0x0010 /* Source coherent */
123 #define SB_CTL_CBC 0x0020 /* CBC (0 is ECB) */
124
125 /* For SB_AES_INT */
126 #define SB_AI_DISABLE_AES_A 0x0001 /* Disable AES A compl int */
127 #define SB_AI_ENABLE_AES_A 0x0000 /* Enable AES A compl int */
128 #define SB_AI_DISABLE_AES_B 0x0002 /* Disable AES B compl int */
129 #define SB_AI_ENABLE_AES_B 0x0000 /* Enable AES B compl int */
130 #define SB_AI_DISABLE_EEPROM 0x0004 /* Disable EEPROM op comp int */
131 #define SB_AI_ENABLE_EEPROM 0x0000 /* Enable EEPROM op compl int */
132 #define SB_AI_AES_A_COMPLETE 0x10000 /* AES A operation complete */
133 #define SB_AI_AES_B_COMPLETE 0x20000 /* AES B operation complete */
134 #define SB_AI_EEPROM_COMPLETE 0x40000 /* EEPROM operation complete */
135
136 #define SB_AI_CLEAR_INTR \
137 (SB_AI_DISABLE_AES_A | SB_AI_DISABLE_AES_B |\
138 SB_AI_DISABLE_EEPROM | SB_AI_AES_A_COMPLETE |\
139 SB_AI_AES_B_COMPLETE | SB_AI_EEPROM_COMPLETE)
140
141 #define SB_RNS_TRNG_VALID 0x0001 /* in SB_RANDOM_NUM_STATUS */
142
143 #define SB_MEM_SIZE 0x0810 /* Size of memory block */
144
145 #define SB_AES_ALIGN 0x0010 /* Source and dest buffers */
146 /* must be 16-byte aligned */
147 #define SB_AES_BLOCK_SIZE 0x0010
148
149 /*
150 * The Geode LX security block AES acceleration doesn't perform scatter-
151 * gather: it just takes source and destination addresses. Therefore the
152 * plain- and ciphertexts need to be contiguous. To this end, we allocate
153 * a buffer for both, and accept the overhead of copying in and out. If
154 * the number of bytes in one operation is bigger than allowed for by the
155 * buffer (buffer is twice the size of the max length, as it has both input
156 * and output) then we have to perform multiple encryptions/decryptions.
157 */
158
159 #define GLXSB_MAX_AES_LEN 16384
160
161 MALLOC_DEFINE(M_GLXSB, "glxsb_data", "Glxsb Data");
162
163 struct glxsb_dma_map {
164 bus_dmamap_t dma_map; /* DMA map */
165 bus_dma_segment_t dma_seg; /* segments */
166 int dma_nsegs; /* #segments */
167 int dma_size; /* size */
168 caddr_t dma_vaddr; /* virtual address */
169 bus_addr_t dma_paddr; /* physical address */
170 };
171
172 struct glxsb_taskop {
173 struct glxsb_session *to_ses; /* crypto session */
174 struct cryptop *to_crp; /* cryptop to perfom */
175 struct cryptodesc *to_enccrd; /* enccrd to perform */
176 struct cryptodesc *to_maccrd; /* maccrd to perform */
177 };
178
179 struct glxsb_softc {
180 device_t sc_dev; /* device backpointer */
181 struct resource *sc_sr; /* resource */
182 int sc_rid; /* resource rid */
183 struct callout sc_rngco; /* RNG callout */
184 int sc_rnghz; /* RNG callout ticks */
185 bus_dma_tag_t sc_dmat; /* DMA tag */
186 struct glxsb_dma_map sc_dma; /* DMA map */
187 int32_t sc_cid; /* crypto tag */
188 struct mtx sc_task_mtx; /* task mutex */
189 struct taskqueue *sc_tq; /* task queue */
190 struct task sc_cryptotask; /* task */
191 struct glxsb_taskop sc_to; /* task's crypto operation */
192 int sc_task_count; /* tasks count */
193 };
194
195 static int glxsb_probe(device_t);
196 static int glxsb_attach(device_t);
197 static int glxsb_detach(device_t);
198
199 static void glxsb_dmamap_cb(void *, bus_dma_segment_t *, int, int);
200 static int glxsb_dma_alloc(struct glxsb_softc *);
201 static void glxsb_dma_pre_op(struct glxsb_softc *, struct glxsb_dma_map *);
202 static void glxsb_dma_post_op(struct glxsb_softc *, struct glxsb_dma_map *);
203 static void glxsb_dma_free(struct glxsb_softc *, struct glxsb_dma_map *);
204
205 static void glxsb_rnd(void *);
206 static int glxsb_crypto_setup(struct glxsb_softc *);
207 static int glxsb_crypto_newsession(device_t, crypto_session_t, struct cryptoini *);
208 static void glxsb_crypto_freesession(device_t, crypto_session_t);
209 static int glxsb_aes(struct glxsb_softc *, uint32_t, uint32_t,
210 uint32_t, void *, int, void *);
211
212 static int glxsb_crypto_encdec(struct cryptop *, struct cryptodesc *,
213 struct glxsb_session *, struct glxsb_softc *);
214
215 static void glxsb_crypto_task(void *, int);
216 static int glxsb_crypto_process(device_t, struct cryptop *, int);
217
218 static device_method_t glxsb_methods[] = {
219 /* device interface */
220 DEVMETHOD(device_probe, glxsb_probe),
221 DEVMETHOD(device_attach, glxsb_attach),
222 DEVMETHOD(device_detach, glxsb_detach),
223
224 /* crypto device methods */
225 DEVMETHOD(cryptodev_newsession, glxsb_crypto_newsession),
226 DEVMETHOD(cryptodev_freesession, glxsb_crypto_freesession),
227 DEVMETHOD(cryptodev_process, glxsb_crypto_process),
228
229 {0,0}
230 };
231
232 static driver_t glxsb_driver = {
233 "glxsb",
234 glxsb_methods,
235 sizeof(struct glxsb_softc)
236 };
237
238 static devclass_t glxsb_devclass;
239
240 DRIVER_MODULE(glxsb, pci, glxsb_driver, glxsb_devclass, 0, 0);
241 MODULE_VERSION(glxsb, 1);
242 MODULE_DEPEND(glxsb, crypto, 1, 1, 1);
243
244 static int
glxsb_probe(device_t dev)245 glxsb_probe(device_t dev)
246 {
247
248 if (pci_get_vendor(dev) == PCI_VENDOR_AMD &&
249 pci_get_device(dev) == PCI_PRODUCT_AMD_GEODE_LX_CRYPTO) {
250 device_set_desc(dev,
251 "AMD Geode LX Security Block (AES-128-CBC, RNG)");
252 return (BUS_PROBE_DEFAULT);
253 }
254
255 return (ENXIO);
256 }
257
258 static int
glxsb_attach(device_t dev)259 glxsb_attach(device_t dev)
260 {
261 struct glxsb_softc *sc = device_get_softc(dev);
262 uint64_t msr;
263
264 sc->sc_dev = dev;
265 msr = rdmsr(SB_GLD_MSR_CAP);
266
267 if ((msr & 0xFFFF00) != 0x130400) {
268 device_printf(dev, "unknown ID 0x%x\n",
269 (int)((msr & 0xFFFF00) >> 16));
270 return (ENXIO);
271 }
272
273 pci_enable_busmaster(dev);
274
275 /* Map in the security block configuration/control registers */
276 sc->sc_rid = PCIR_BAR(0);
277 sc->sc_sr = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->sc_rid,
278 RF_ACTIVE);
279 if (sc->sc_sr == NULL) {
280 device_printf(dev, "cannot map register space\n");
281 return (ENXIO);
282 }
283
284 /*
285 * Configure the Security Block.
286 *
287 * We want to enable the noise generator (T_NE), and enable the
288 * linear feedback shift register and whitener post-processing
289 * (T_SEL = 3). Also ensure that test mode (deterministic values)
290 * is disabled.
291 */
292 msr = rdmsr(SB_GLD_MSR_CTRL);
293 msr &= ~(SB_GMC_T_TM | SB_GMC_T_SEL_MASK);
294 msr |= SB_GMC_T_NE | SB_GMC_T_SEL3;
295 #if 0
296 msr |= SB_GMC_SBI | SB_GMC_SBY; /* for AES, if necessary */
297 #endif
298 wrmsr(SB_GLD_MSR_CTRL, msr);
299
300 /* Disable interrupts */
301 bus_write_4(sc->sc_sr, SB_AES_INT, SB_AI_CLEAR_INTR);
302
303 /* Allocate a contiguous DMA-able buffer to work in */
304 if (glxsb_dma_alloc(sc) != 0)
305 goto fail0;
306
307 /* Initialize our task queue */
308 sc->sc_tq = taskqueue_create("glxsb_taskq", M_NOWAIT | M_ZERO,
309 taskqueue_thread_enqueue, &sc->sc_tq);
310 if (sc->sc_tq == NULL) {
311 device_printf(dev, "cannot create task queue\n");
312 goto fail0;
313 }
314 if (taskqueue_start_threads(&sc->sc_tq, 1, PI_NET, "%s taskq",
315 device_get_nameunit(dev)) != 0) {
316 device_printf(dev, "cannot start task queue\n");
317 goto fail1;
318 }
319 TASK_INIT(&sc->sc_cryptotask, 0, glxsb_crypto_task, sc);
320
321 /* Initialize crypto */
322 if (glxsb_crypto_setup(sc) != 0)
323 goto fail1;
324
325 /* Install a periodic collector for the "true" (AMD's word) RNG */
326 if (hz > 100)
327 sc->sc_rnghz = hz / 100;
328 else
329 sc->sc_rnghz = 1;
330 callout_init(&sc->sc_rngco, 1);
331 glxsb_rnd(sc);
332
333 return (0);
334
335 fail1:
336 taskqueue_free(sc->sc_tq);
337 fail0:
338 bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr);
339 return (ENXIO);
340 }
341
342 static int
glxsb_detach(device_t dev)343 glxsb_detach(device_t dev)
344 {
345 struct glxsb_softc *sc = device_get_softc(dev);
346
347 crypto_unregister_all(sc->sc_cid);
348
349 callout_drain(&sc->sc_rngco);
350 taskqueue_drain(sc->sc_tq, &sc->sc_cryptotask);
351 bus_generic_detach(dev);
352 glxsb_dma_free(sc, &sc->sc_dma);
353 bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr);
354 taskqueue_free(sc->sc_tq);
355 mtx_destroy(&sc->sc_task_mtx);
356 return (0);
357 }
358
359 /*
360 * callback for bus_dmamap_load()
361 */
362 static void
glxsb_dmamap_cb(void * arg,bus_dma_segment_t * seg,int nseg,int error)363 glxsb_dmamap_cb(void *arg, bus_dma_segment_t *seg, int nseg, int error)
364 {
365
366 bus_addr_t *paddr = (bus_addr_t*) arg;
367 *paddr = seg[0].ds_addr;
368 }
369
370 static int
glxsb_dma_alloc(struct glxsb_softc * sc)371 glxsb_dma_alloc(struct glxsb_softc *sc)
372 {
373 struct glxsb_dma_map *dma = &sc->sc_dma;
374 int rc;
375
376 dma->dma_nsegs = 1;
377 dma->dma_size = GLXSB_MAX_AES_LEN * 2;
378
379 /* Setup DMA descriptor area */
380 rc = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), /* parent */
381 SB_AES_ALIGN, 0, /* alignments, bounds */
382 BUS_SPACE_MAXADDR_32BIT,/* lowaddr */
383 BUS_SPACE_MAXADDR, /* highaddr */
384 NULL, NULL, /* filter, filterarg */
385 dma->dma_size, /* maxsize */
386 dma->dma_nsegs, /* nsegments */
387 dma->dma_size, /* maxsegsize */
388 BUS_DMA_ALLOCNOW, /* flags */
389 NULL, NULL, /* lockfunc, lockarg */
390 &sc->sc_dmat);
391 if (rc != 0) {
392 device_printf(sc->sc_dev,
393 "cannot allocate DMA tag (%d)\n", rc);
394 return (rc);
395 }
396
397 rc = bus_dmamem_alloc(sc->sc_dmat, (void **)&dma->dma_vaddr,
398 BUS_DMA_NOWAIT, &dma->dma_map);
399 if (rc != 0) {
400 device_printf(sc->sc_dev,
401 "cannot allocate DMA memory of %d bytes (%d)\n",
402 dma->dma_size, rc);
403 goto fail0;
404 }
405
406 rc = bus_dmamap_load(sc->sc_dmat, dma->dma_map, dma->dma_vaddr,
407 dma->dma_size, glxsb_dmamap_cb, &dma->dma_paddr, BUS_DMA_NOWAIT);
408 if (rc != 0) {
409 device_printf(sc->sc_dev,
410 "cannot load DMA memory for %d bytes (%d)\n",
411 dma->dma_size, rc);
412 goto fail1;
413 }
414
415 return (0);
416
417 fail1:
418 bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map);
419 fail0:
420 bus_dma_tag_destroy(sc->sc_dmat);
421 return (rc);
422 }
423
424 static void
glxsb_dma_pre_op(struct glxsb_softc * sc,struct glxsb_dma_map * dma)425 glxsb_dma_pre_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma)
426 {
427
428 bus_dmamap_sync(sc->sc_dmat, dma->dma_map,
429 BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
430 }
431
432 static void
glxsb_dma_post_op(struct glxsb_softc * sc,struct glxsb_dma_map * dma)433 glxsb_dma_post_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma)
434 {
435
436 bus_dmamap_sync(sc->sc_dmat, dma->dma_map,
437 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
438 }
439
440 static void
glxsb_dma_free(struct glxsb_softc * sc,struct glxsb_dma_map * dma)441 glxsb_dma_free(struct glxsb_softc *sc, struct glxsb_dma_map *dma)
442 {
443
444 bus_dmamap_unload(sc->sc_dmat, dma->dma_map);
445 bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map);
446 bus_dma_tag_destroy(sc->sc_dmat);
447 }
448
449 static void
glxsb_rnd(void * v)450 glxsb_rnd(void *v)
451 {
452 struct glxsb_softc *sc = v;
453 uint32_t status, value;
454
455 status = bus_read_4(sc->sc_sr, SB_RANDOM_NUM_STATUS);
456 if (status & SB_RNS_TRNG_VALID) {
457 value = bus_read_4(sc->sc_sr, SB_RANDOM_NUM);
458 /* feed with one uint32 */
459 /* MarkM: FIX!! Check that this does not swamp the harvester! */
460 random_harvest_queue(&value, sizeof(value), RANDOM_PURE_GLXSB);
461 }
462
463 callout_reset(&sc->sc_rngco, sc->sc_rnghz, glxsb_rnd, sc);
464 }
465
466 static int
glxsb_crypto_setup(struct glxsb_softc * sc)467 glxsb_crypto_setup(struct glxsb_softc *sc)
468 {
469
470 sc->sc_cid = crypto_get_driverid(sc->sc_dev,
471 sizeof(struct glxsb_session), CRYPTOCAP_F_HARDWARE);
472
473 if (sc->sc_cid < 0) {
474 device_printf(sc->sc_dev, "cannot get crypto driver id\n");
475 return (ENOMEM);
476 }
477
478 mtx_init(&sc->sc_task_mtx, "glxsb_crypto_mtx", NULL, MTX_DEF);
479
480 if (crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0) != 0)
481 goto crypto_fail;
482 if (crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0) != 0)
483 goto crypto_fail;
484 if (crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0) != 0)
485 goto crypto_fail;
486 if (crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0) != 0)
487 goto crypto_fail;
488 if (crypto_register(sc->sc_cid, CRYPTO_RIPEMD160_HMAC, 0, 0) != 0)
489 goto crypto_fail;
490 if (crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0) != 0)
491 goto crypto_fail;
492 if (crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0) != 0)
493 goto crypto_fail;
494 if (crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0) != 0)
495 goto crypto_fail;
496
497 return (0);
498
499 crypto_fail:
500 device_printf(sc->sc_dev, "cannot register crypto\n");
501 crypto_unregister_all(sc->sc_cid);
502 mtx_destroy(&sc->sc_task_mtx);
503 return (ENOMEM);
504 }
505
506 static int
glxsb_crypto_newsession(device_t dev,crypto_session_t cses,struct cryptoini * cri)507 glxsb_crypto_newsession(device_t dev, crypto_session_t cses,
508 struct cryptoini *cri)
509 {
510 struct glxsb_softc *sc = device_get_softc(dev);
511 struct glxsb_session *ses;
512 struct cryptoini *encini, *macini;
513 int error;
514
515 if (sc == NULL || cri == NULL)
516 return (EINVAL);
517
518 encini = macini = NULL;
519 for (; cri != NULL; cri = cri->cri_next) {
520 switch(cri->cri_alg) {
521 case CRYPTO_NULL_HMAC:
522 case CRYPTO_MD5_HMAC:
523 case CRYPTO_SHA1_HMAC:
524 case CRYPTO_RIPEMD160_HMAC:
525 case CRYPTO_SHA2_256_HMAC:
526 case CRYPTO_SHA2_384_HMAC:
527 case CRYPTO_SHA2_512_HMAC:
528 if (macini != NULL)
529 return (EINVAL);
530 macini = cri;
531 break;
532 case CRYPTO_AES_CBC:
533 if (encini != NULL)
534 return (EINVAL);
535 encini = cri;
536 break;
537 default:
538 return (EINVAL);
539 }
540 }
541
542 /*
543 * We only support HMAC algorithms to be able to work with
544 * ipsec(4), so if we are asked only for authentication without
545 * encryption, don't pretend we can accellerate it.
546 */
547 if (encini == NULL)
548 return (EINVAL);
549
550 ses = crypto_get_driver_session(cses);
551 if (encini->cri_alg == CRYPTO_AES_CBC) {
552 if (encini->cri_klen != 128) {
553 glxsb_crypto_freesession(sc->sc_dev, cses);
554 return (EINVAL);
555 }
556 arc4rand(ses->ses_iv, sizeof(ses->ses_iv), 0);
557 ses->ses_klen = encini->cri_klen;
558
559 /* Copy the key (Geode LX wants the primary key only) */
560 bcopy(encini->cri_key, ses->ses_key, sizeof(ses->ses_key));
561 }
562
563 if (macini != NULL) {
564 error = glxsb_hash_setup(ses, macini);
565 if (error != 0) {
566 glxsb_crypto_freesession(sc->sc_dev, cses);
567 return (error);
568 }
569 }
570
571 return (0);
572 }
573
574 static void
glxsb_crypto_freesession(device_t dev,crypto_session_t cses)575 glxsb_crypto_freesession(device_t dev, crypto_session_t cses)
576 {
577 struct glxsb_softc *sc = device_get_softc(dev);
578 struct glxsb_session *ses;
579
580 if (sc == NULL)
581 return;
582
583 ses = crypto_get_driver_session(cses);
584 glxsb_hash_free(ses);
585 }
586
587 static int
glxsb_aes(struct glxsb_softc * sc,uint32_t control,uint32_t psrc,uint32_t pdst,void * key,int len,void * iv)588 glxsb_aes(struct glxsb_softc *sc, uint32_t control, uint32_t psrc,
589 uint32_t pdst, void *key, int len, void *iv)
590 {
591 uint32_t status;
592 int i;
593
594 if (len & 0xF) {
595 device_printf(sc->sc_dev,
596 "len must be a multiple of 16 (not %d)\n", len);
597 return (EINVAL);
598 }
599
600 /* Set the source */
601 bus_write_4(sc->sc_sr, SB_SOURCE_A, psrc);
602
603 /* Set the destination address */
604 bus_write_4(sc->sc_sr, SB_DEST_A, pdst);
605
606 /* Set the data length */
607 bus_write_4(sc->sc_sr, SB_LENGTH_A, len);
608
609 /* Set the IV */
610 if (iv != NULL) {
611 bus_write_region_4(sc->sc_sr, SB_CBC_IV, iv, 4);
612 control |= SB_CTL_CBC;
613 }
614
615 /* Set the key */
616 bus_write_region_4(sc->sc_sr, SB_WKEY, key, 4);
617
618 /* Ask the security block to do it */
619 bus_write_4(sc->sc_sr, SB_CTL_A,
620 control | SB_CTL_WK | SB_CTL_DC | SB_CTL_SC | SB_CTL_ST);
621
622 /*
623 * Now wait until it is done.
624 *
625 * We do a busy wait. Obviously the number of iterations of
626 * the loop required to perform the AES operation depends upon
627 * the number of bytes to process.
628 *
629 * On a 500 MHz Geode LX we see
630 *
631 * length (bytes) typical max iterations
632 * 16 12
633 * 64 22
634 * 256 59
635 * 1024 212
636 * 8192 1,537
637 *
638 * Since we have a maximum size of operation defined in
639 * GLXSB_MAX_AES_LEN, we use this constant to decide how long
640 * to wait. Allow an order of magnitude longer than it should
641 * really take, just in case.
642 */
643
644 for (i = 0; i < GLXSB_MAX_AES_LEN * 10; i++) {
645 status = bus_read_4(sc->sc_sr, SB_CTL_A);
646 if ((status & SB_CTL_ST) == 0) /* Done */
647 return (0);
648 }
649
650 device_printf(sc->sc_dev, "operation failed to complete\n");
651 return (EIO);
652 }
653
654 static int
glxsb_crypto_encdec(struct cryptop * crp,struct cryptodesc * crd,struct glxsb_session * ses,struct glxsb_softc * sc)655 glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
656 struct glxsb_session *ses, struct glxsb_softc *sc)
657 {
658 char *op_src, *op_dst;
659 uint32_t op_psrc, op_pdst;
660 uint8_t op_iv[SB_AES_BLOCK_SIZE], *piv;
661 int error;
662 int len, tlen, xlen;
663 int offset;
664 uint32_t control;
665
666 if (crd == NULL || (crd->crd_len % SB_AES_BLOCK_SIZE) != 0)
667 return (EINVAL);
668
669 /* How much of our buffer will we need to use? */
670 xlen = crd->crd_len > GLXSB_MAX_AES_LEN ?
671 GLXSB_MAX_AES_LEN : crd->crd_len;
672
673 /*
674 * XXX Check if we can have input == output on Geode LX.
675 * XXX In the meantime, use two separate (adjacent) buffers.
676 */
677 op_src = sc->sc_dma.dma_vaddr;
678 op_dst = (char *)sc->sc_dma.dma_vaddr + xlen;
679
680 op_psrc = sc->sc_dma.dma_paddr;
681 op_pdst = sc->sc_dma.dma_paddr + xlen;
682
683 if (crd->crd_flags & CRD_F_ENCRYPT) {
684 control = SB_CTL_ENC;
685 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
686 bcopy(crd->crd_iv, op_iv, sizeof(op_iv));
687 else
688 bcopy(ses->ses_iv, op_iv, sizeof(op_iv));
689
690 if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
691 crypto_copyback(crp->crp_flags, crp->crp_buf,
692 crd->crd_inject, sizeof(op_iv), op_iv);
693 }
694 } else {
695 control = SB_CTL_DEC;
696 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
697 bcopy(crd->crd_iv, op_iv, sizeof(op_iv));
698 else {
699 crypto_copydata(crp->crp_flags, crp->crp_buf,
700 crd->crd_inject, sizeof(op_iv), op_iv);
701 }
702 }
703
704 offset = 0;
705 tlen = crd->crd_len;
706 piv = op_iv;
707
708 /* Process the data in GLXSB_MAX_AES_LEN chunks */
709 while (tlen > 0) {
710 len = (tlen > GLXSB_MAX_AES_LEN) ? GLXSB_MAX_AES_LEN : tlen;
711 crypto_copydata(crp->crp_flags, crp->crp_buf,
712 crd->crd_skip + offset, len, op_src);
713
714 glxsb_dma_pre_op(sc, &sc->sc_dma);
715
716 error = glxsb_aes(sc, control, op_psrc, op_pdst, ses->ses_key,
717 len, op_iv);
718
719 glxsb_dma_post_op(sc, &sc->sc_dma);
720 if (error != 0)
721 return (error);
722
723 crypto_copyback(crp->crp_flags, crp->crp_buf,
724 crd->crd_skip + offset, len, op_dst);
725
726 offset += len;
727 tlen -= len;
728
729 if (tlen <= 0) { /* Ideally, just == 0 */
730 /* Finished - put the IV in session IV */
731 piv = ses->ses_iv;
732 }
733
734 /*
735 * Copy out last block for use as next iteration/session IV.
736 *
737 * piv is set to op_iv[] before the loop starts, but is
738 * set to ses->ses_iv if we're going to exit the loop this
739 * time.
740 */
741 if (crd->crd_flags & CRD_F_ENCRYPT)
742 bcopy(op_dst + len - sizeof(op_iv), piv, sizeof(op_iv));
743 else {
744 /* Decryption, only need this if another iteration */
745 if (tlen > 0) {
746 bcopy(op_src + len - sizeof(op_iv), piv,
747 sizeof(op_iv));
748 }
749 }
750 } /* while */
751
752 /* All AES processing has now been done. */
753 bzero(sc->sc_dma.dma_vaddr, xlen * 2);
754
755 return (0);
756 }
757
758 static void
glxsb_crypto_task(void * arg,int pending)759 glxsb_crypto_task(void *arg, int pending)
760 {
761 struct glxsb_softc *sc = arg;
762 struct glxsb_session *ses;
763 struct cryptop *crp;
764 struct cryptodesc *enccrd, *maccrd;
765 int error;
766
767 maccrd = sc->sc_to.to_maccrd;
768 enccrd = sc->sc_to.to_enccrd;
769 crp = sc->sc_to.to_crp;
770 ses = sc->sc_to.to_ses;
771
772 /* Perform data authentication if requested before encryption */
773 if (maccrd != NULL && maccrd->crd_next == enccrd) {
774 error = glxsb_hash_process(ses, maccrd, crp);
775 if (error != 0)
776 goto out;
777 }
778
779 error = glxsb_crypto_encdec(crp, enccrd, ses, sc);
780 if (error != 0)
781 goto out;
782
783 /* Perform data authentication if requested after encryption */
784 if (maccrd != NULL && enccrd->crd_next == maccrd) {
785 error = glxsb_hash_process(ses, maccrd, crp);
786 if (error != 0)
787 goto out;
788 }
789 out:
790 mtx_lock(&sc->sc_task_mtx);
791 sc->sc_task_count--;
792 mtx_unlock(&sc->sc_task_mtx);
793
794 crp->crp_etype = error;
795 crypto_unblock(sc->sc_cid, CRYPTO_SYMQ);
796 crypto_done(crp);
797 }
798
799 static int
glxsb_crypto_process(device_t dev,struct cryptop * crp,int hint)800 glxsb_crypto_process(device_t dev, struct cryptop *crp, int hint)
801 {
802 struct glxsb_softc *sc = device_get_softc(dev);
803 struct glxsb_session *ses;
804 struct cryptodesc *crd, *enccrd, *maccrd;
805 int error = 0;
806
807 enccrd = maccrd = NULL;
808
809 /* Sanity check. */
810 if (crp == NULL)
811 return (EINVAL);
812
813 if (crp->crp_callback == NULL || crp->crp_desc == NULL) {
814 error = EINVAL;
815 goto fail;
816 }
817
818 for (crd = crp->crp_desc; crd != NULL; crd = crd->crd_next) {
819 switch (crd->crd_alg) {
820 case CRYPTO_NULL_HMAC:
821 case CRYPTO_MD5_HMAC:
822 case CRYPTO_SHA1_HMAC:
823 case CRYPTO_RIPEMD160_HMAC:
824 case CRYPTO_SHA2_256_HMAC:
825 case CRYPTO_SHA2_384_HMAC:
826 case CRYPTO_SHA2_512_HMAC:
827 if (maccrd != NULL) {
828 error = EINVAL;
829 goto fail;
830 }
831 maccrd = crd;
832 break;
833 case CRYPTO_AES_CBC:
834 if (enccrd != NULL) {
835 error = EINVAL;
836 goto fail;
837 }
838 enccrd = crd;
839 break;
840 default:
841 error = EINVAL;
842 goto fail;
843 }
844 }
845
846 if (enccrd == NULL || enccrd->crd_len % AES_BLOCK_LEN != 0) {
847 error = EINVAL;
848 goto fail;
849 }
850
851 ses = crypto_get_driver_session(crp->crp_session);
852
853 mtx_lock(&sc->sc_task_mtx);
854 if (sc->sc_task_count != 0) {
855 mtx_unlock(&sc->sc_task_mtx);
856 return (ERESTART);
857 }
858 sc->sc_task_count++;
859
860 sc->sc_to.to_maccrd = maccrd;
861 sc->sc_to.to_enccrd = enccrd;
862 sc->sc_to.to_crp = crp;
863 sc->sc_to.to_ses = ses;
864 mtx_unlock(&sc->sc_task_mtx);
865
866 taskqueue_enqueue(sc->sc_tq, &sc->sc_cryptotask);
867 return(0);
868
869 fail:
870 crp->crp_etype = error;
871 crypto_done(crp);
872 return (error);
873 }
874